[Tickets #12128] Re: Bad search filter ldap Groups

noreply at bugs.horde.org noreply at bugs.horde.org
Fri May 9 13:58:11 UTC 2014 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/12128
------------------------------------------------------------------------------
  Ticket             | 12128
  Updated By         | gerard.breiner at ias.u-psud.fr
  Summary            | Bad search filter ldap Groups
  Queue              | Horde Framework Packages
  Version            | Git master
  Type               | Bug
  State              | Assigned
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             | Jan Schneider
------------------------------------------------------------------------------


gerard.breiner at ias.u-psud.fr (2014-05-09 13:58) wrote:

Hello Jan and all,

I come with a solution that seems to solve the issue of bad filter  
(&(objectclass=)(=userid)) error when attrisdn is checked....

  My solution:

I added two parameters into horde/config/conf.xml just before attrisdn.

<configstring name="uid" desc="User uid field">
        uid</configstring>
        <configstring name="filter" desc="User filter">
        (objectclass=posixAccount)</configstring>

These params are only available in the user array in findUserDN for  
authentication during the logging.
When we are in kronolith interface, a command ""echo  
$this->_config['user']"" line 879 of Horde/Ldap.php  show us that  
these params  are not longer available. By adding them into conf.xml  
we can see immediately the result.

Here is below my config Horde Group which may be help for setting up  
the others things such as $conf[group][params][basedn]
dc=example,dc=com which is very important cause this is the baseDN  
that is used into findUserDN.

I will be pleased to know if  my little contribution is of any help.

* $conf[group][driver]
 Kolab  LDAP  No Groups  SQL 
What backend should we use for Horde Groups?
* $conf[group][params][driverconfig]
 Horde defaults  Custom parameters 
Driver configuration
* $conf[group][params][hostspec]
ldap.example.com
LDAP server/hostname
$conf[group][params][port]

Port on which LDAP is listening, if non-standard
$conf[group][params][tls]

Use TLS to connect to the server?
* $conf[group][params][version]
 2 (deprecated)  3 
LDAP protocol version
* $conf[group][params][bindas]
 Bind anonymously  Bind as the currently logged-in user  Bind with  
administrative/system credentials 
Bind to LDAP as which user?
* $conf[group][params][basedn]
dc=example,dc=com
Base DN
* $conf[group][params][scope]
 Subtree search  One level 
Search scope
* $conf[group][params][gid]
cn
The group search key
* $conf[group][params][memberuid]
member
Group membership field
* $conf[group][params][uid]
uid
User uid field
* $conf[group][params][filter]
(objectclass=posixAccount)
User filter
$conf[group][params][attrisdn]

If checked, the user member attributes returned from LDAP are expected  
to be fully qualified DNs
* $conf[group][params][newgroup_objectclass]
posixGroup, hordeGroup
What objectclasses should a new group be member of? These  
objectclasses should cover the mail and gidnumber attributes as well  
as the group search key
$conf[group][params][writedn]
uid=webadm,ou=personnes,dc=example,dc=com
DN used to bind for creating and editing LDAP groups.
$conf[group][params][writepw]
password
Password for bind DN.
* $conf[group][params][search][filter_type]
 One or more objectclass filters  A complete LDAP filter expression 
How to specify a filter for the group lists
* $conf[group][params][search][objectclass]
posixGroup
The objectclass filter used to search for groups. Can be a single  
objectclass or a list.


Gérard

More information about the bugs mailing list